It isn’t just Facebook. Countless data-broker sites are selling your information to the highest bidder.
This article was made possible because of the generous support of DAME members. We urgently need your help to keep publishing. Will you contribute just $5 a month to support our journalism?
I used to feel like I had nothing to hide when it came to my privacy.
But then I lost it.
In 2016, when online hate raged, I found myself on the wrong end of an argument. In those divisive days before the election, I was among the countless Americans who encountered internet trolls while engaging in conversations on social media. To my horror, a small group of strangers found and shared my address—a nefarious practice called doxxing—in an effort to intimidate me offline.
It worked, especially when a few typed notes arrived at my home. The gist of these threats was: “We found you. We’re watching you.”
I logged off social media completely. In my most isolated moments, I felt so upset I couldn’t keep food down. I dyed my fair hair brown to avoid being recognized. And I tried to find a therapist who might understand that what I experienced online was real and not just in my head.
Through anti-harassment groups like iHeartMob, I discovered what happened to me was Draconian. No one deserves to have personal data spilled out on the internet—ever. Such behavior is a suppression of free speech, not an expression of the democracy we share.
I learned to protect myself by opting-out of data-broker sites like Whitepages and Intelius. Content can include Google maps to private residences, details that leave individuals vulnerable to online harassment and doxxing. But every time I located a site’s policies, usually listed in fine print in the privacy tab, I encountered more data-broker sites with different opt-out procedures. As shown here by this list of nearly 50 companies, data brokers are as varied as artisanal coffees. And they are constantly proliferating.
According to content on DeleteMe, a privacy-protection service, not all sites have opt-out procedures because not all of them are based in the United States.
“No one can completely disappear from data-broker websites,” a spokesperson from DeleteMe explained. “One main reason for this is because a lot of the information that’s found on these websites is actually already public record. Normal everyday actions that you do as a functioning member of society can create public record information about you, like buying property, renewing a driver’s license, or registering to vote.”
Is Anyone Protecting Our Privacy?
Congress has yet to pass a law regulating data brokers, according to Juliana Gruenwald Henderson of the Office of Public Affairs from the U.S. Federal Trade Commission (FTC).
In 2014, the FTC produced a 110-page report, “Data Brokers: A Call for Transparency and Accountability.” In its analysis of nine data brokers, the commission discovered that one database contained 1.4 billion consumer transactions; another had nearly 3,000 data segments for nearly every U.S. consumer, whether they went online or not.
Data brokers collect information about us from a variety of offline and online sources, including social media, but who’s to say any of them are trustworthy? Consider how Facebook lost control of personal data belonging to 87 million users.
“These data brokers have lists of interests that are incredibly personal and invasive,” says Jay Stanley, editor of the Free Future blog at American Civil Liberties Union (ACLU) in Washington, D.C. “How many inferences can be made reading between the lines and establishing patterns? People don’t understand privacy may be at risk from small harmless details. There can be a lag between when people lose their privacy and when they realize they’ve lost it.”
As I became increasingly cognizant of the ways in which my identity and safety were slipping away, I continued researching.
That’sThem listed me under two old addresses and included scores rating my wealth (or lack thereof) and proclivity toward travel, charitable giving, recycling, shopping, and use of technology. SpyFly greeted me with a red-and-black banner that screamed: “Warning! The website you are about to access contains actual criminal records.”
To delete my info on MyLife, I called a 1-888 number. I provided my age, date of birth, email, and current address to an operator who kept asking me to repeat myself. SearchBug Premium Listings only removes data if you send a letter through snail mail along with a $20 check. Some sites are partnered with reputation services to help you clean up the negative content data brokers aggregated about you without your consent.
Translation: You are a product driving an unregulated industry that has the power to limit your ability to apply for loans, jobs, and housing. To remove personal information from sites that assemble public records and seemingly unrelated facts about you without your informed consent, you may have to spend money. Not that data brokers can’t be legitimate and helpful, but if you find an error about yourself, you may not be able to contest it.
All of this data talking to data makes me want what former Supreme Court Justice Louis Brandeis described in an important 1928 privacy case as “the right to be let alone—the most comprehensive of rights and the right most valued by civilized men.”
To get into the legalese of a data-broker site, check the fine print, which often appears at the bottom of the screen. Data brokers often post content like:
“Spokeo is not a consumer reporting agency as defined by the Fair Credit Reporting Act (FCRA). This site should not be used to make decisions about employment, tenant screening, or any purpose covered by the FCRA.”
The Fair Credit Reporting Act (FCRA) of 1970 is one of the first instances of data-protection law passed in the computer age. Major features of this amended act include no secret databases that collect information without a consumer’s knowledge or ability to dispute facts. If you want to argue about a mistake in your credit report, you can review the score and come to your own defense to remove inaccuracies.
Because many data brokers are not consumer-reporting agencies like Experian, TransUnion, and Equifax, they don’t follow the same rules under the FCRA. Instead they may build “consumer scores” outside a formal credit bureau file, where protections may not apply, according to a report by the World Privacy Forum, “The Scoring of America: How Secret Consumer Scores Threaten Your Privacy and Your Future.” The report explains that “ranking individuals by grades and other performance numbers is as old as human society,” but secret scores can hide errors, biases, and deny due process of the law.
“Errors in credit scores abound,” the authors write. “And credit scores are based on credit reports, which also are subject to significant errors. If a transparent score with few factors has these kinds of errors, what about consumer scores?”
“If these sites share information that is supposed to be protected, you try to get it removed, and they ignore your requests, who holds them accountable?” asks Sara Baker, global coordinator of Take Back the Tech!, a campaign to end gender-based online harassment. “We had a case recently of a domestic-violence survivor whose information was shared with these sites, despite protections put in place to prevent that, and she had a terrible time trying to get her information removed.”
Businesses like Persopo do make clients answer a list of preliminary questions, but these flimsy yes-no questions include: “Do you agree not to use this information to harass or blackmail any individuals or group?” Such language wouldn’t scare a shih-tzu much less a stalker.
The Rise of Personal Data Surveillance
In colonial America, privacy was especially important because the British could abuse writs of assistance, a type of general search warrant. In 1792, the Fourth Amendment became one of the first ten Constitutional amendments known as the Bill of Rights. You may be most familiar with the Fourth Amendment through the “exclusionary rule” often mentioned in police dramas. If law enforcement obtains evidence without a warrant, that evidence could be considered inadmissible in court.
“The Fourth Amendment definitely applies in the electronic age even if it is not up-to-date as it should be and could be,” says Jay Stanley of the ACLU. “The problem is that the Fourth Amendment only applies to the government, not private companies. When it comes to private sector entities like data brokers, other than certain restrictions under the Fair Credit Reporting Act, it’s pretty much the Wild West. There are few to no restrictions on what they can do.”
In 1986, Congress enacted the Electronic Communications Privacy Act (ECPA) to restrict unlawful government surveillance of private electronic communications, including wiretapping, bugging, and computer searches. While the statute recognized the future, and has been amended, critics say it never received an adequate makeover either.
Law concerning electronic evidence in criminal investigations comes from two main sources: statutory privacy laws like the ECPA or the Fourth Amendment to the U.S. Constitution, according to “Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations.” Under the Third Party Doctrine, individuals may lose Fourth Amendment protections when they voluntarily relinquish control of information to a bank, phone company, email server, or internet service provider. Just like we can’t have a “reasonable expectation of privacy” if we scream secrets out on the street, we shouldn’t trust the confidentiality of information once it’s out of our hands, delivered, and then finally possessed by a third party with interests different from our own.
“What that means is that Thomas Jefferson had his medical, financial, and correspondence files stored in his office at Monticello,” says Stanley, explaining the way legislation hasn’t kept up with technology. “The government couldn’t get to them without a warrant. Today, everyone stores their information on the servers of Google and other international corporations, so it is not covered by the Fourth Amendment because it’s in the hands of a third party—just one way the Fourth Amendment has not been updated to deal with the reality of the modern world.”
A logical thought might be to limit screen time, but tech has become such a seamless part of our lives that includes GPS, dating apps, Fitbits, EBT cards, and cloud-based music services.
“So don’t use a credit card,” suggests law professor Daniel Solove in his book Nothing to Hide: The False Tradeoff Between Privacy and Security. “Don’t have cable. Don’t use the internet. Don’t use the phone. Don’t have a bank account. Don’t have insurance. Don’t go to a hospital. Don’t have a job. Don’t rent an apartment. Don’t subscribe to any magazines or newspapers. Don’t do anything that creates a record. In other words, go live as a hermit in a cabin on a mountain top. That’s where the Fourth Amendment still protects you.”
Solove explains that in times of crisis, Americans often hand their civil liberties to authorities. After the panic of September 11, 2001, the Patriot Act enabled the government to perform warrantless wiretapping in order to catch terrorists. During World War II and the Cold War, J. Edgar Hoover ordered secret dossiers on hundreds of citizens.
When security outweighs privacy, minorities and dissidents may suffer more than others, Solove believes. Examples include the Japanese internment camps of the 1940s and travel bans singling out Muslim-majority countries.
Without Privacy, We Are Not American
Sara Baker from Take Back the Tech! explains that women and marginalized groups traditionally respond to harassment by scaling back their engagement in society. Instead of celebrating unique views or demanding equality, they may avoid calling attention to themselves in order to evade abuse.
In essence, they give up freedoms that make them uniquely American.
I understand how this could happen. When I deleted my social media accounts, I thought I was protecting my safety by making myself less conspicuous. The overriding message in my head—supported by tweets calling me a dumb slut—was that I was being watched. I refused to sign petitions or hold protest signs. Visiting my physical therapist involved talking to nosy receptionists, so I didn’t go. Workouts at the gym involved a computerized membership card and interaction with underpaid staff on cell phones. So I did pushups in my New York apartment. I made myself small. And that makes me angry.
“We have a right to be out there, online or offline,” Baker proclaims.
Yes, we do.
As a mentor, I look to Eleanor Roosevelt. During the Red Scare, she knew the government kept an eye on her and friends who might have had Communist leanings. In 1953, she wrote in her My Day column that Senator Joseph McCarthy “desires to become a dictator, deciding what should be said and thought by all the people within the borders of the U.S.” To our benefit, she kept trekking the world to speak her truth. “Courage is more exhilarating than fear,” she once said. “And in the long run it is easier.”
When it comes to loss of privacy, we shouldn’t be so willing to crawl into stifling spaces and declare, “It’s out there anyway.” Instead, we should demand that technology safeguard our rights while enhancing our sense of connectedness. With true ingenuity, we can have security and advancement at the same time.
On this regard, the European Union is light years ahead of us. The EU’s General Data Protection Regulation (GDPR) goes into effect May 25. Features of the GDPR include synchronized regulations throughout the EU, the “right of erasure,” also known as the “right to be forgotten,” and sanctions for noncompliance. Privacy experts hope the U.S. will follow suit with stricter laws to protect citizens. After the Facebook-Cambridge Analytica scandal, Americans may finally be waking up to the devastating cost of broken boundaries.
“Privacy is a human right,” concludes Jay Stanley of the ACLU. “It is something that we all need as a refuge from the scrutiny of those around us, from those who have power over us, and from people in the community. We need space to form intimacy. We need room to figure out who we are—to experiment with different identities and to feel the freedom to say things to certain people that others can’t hear. That is the essence of human life.”